On Mon, Sep 20, 2010 at 4:20 PM, Grant Ingersoll <gsing...@apache.org>wrote:
> > I'm sorry, I don't see the other options. I think it does need to be done > by a Lucene committer to be an official Lucene artifact. OK, well, I > suppose some other ASF person could do it, but short of a benevolent > volunteer to do so, I don't think there are other options. > > I will quote Ryan here: The "artifacts" are the identical .jar files put into a special directory structure. Therefore, if we release without maven, the jar files are signed by our release key. this is authoritative enough, maven does check signatures correct? I'm not buying the authoritative argument, it seems like any old joker can take our signed jars and put them in maven themselves, without us having to do any work. -- Robert Muir rcm...@gmail.com
